{ "type": "bundle", "id": "bundle--5a3bc375-9994-4da9-81c8-4ae4950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T09:00:02.000Z", "modified": "2017-12-22T09:00:02.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5a3bc375-9994-4da9-81c8-4ae4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T09:00:02.000Z", "modified": "2017-12-22T09:00:02.000Z", "name": "M2M - GlobeImposter \"..doc\" 2017-12-21 : \"Emailing:\n IMG_20171221...\" - \"IMG_20171221_123456789.7z\"", "context": "suspicious-activity", "object_refs": [ "indicator--5a3bc375-de0c-47ae-af32-45c5950d210f", "indicator--5a3bc376-5f9c-4992-a153-4c05950d210f", "indicator--5a3bc378-8954-4209-bea4-4011950d210f", "indicator--5a3bc379-ac38-4cbf-9304-45d1950d210f", "observed-data--5a3bc37a-f64c-4eee-92ba-427e950d210f", "network-traffic--5a3bc37a-f64c-4eee-92ba-427e950d210f", "ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f", "indicator--5a3bc37b-c260-420e-9178-4b9b950d210f", "indicator--5a3bc37c-9f38-46de-a8de-4713950d210f", "observed-data--5a3bc37d-f7dc-4258-b593-41c2950d210f", "network-traffic--5a3bc37d-f7dc-4258-b593-41c2950d210f", "ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f", "indicator--5a3bc37e-54c0-4d7d-a89f-4089950d210f", "indicator--5a3bc37f-ea88-4ab1-8811-4af1950d210f", "observed-data--5a3bc380-b65c-40e8-ad73-41c3950d210f", "network-traffic--5a3bc380-b65c-40e8-ad73-41c3950d210f", "ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f", "indicator--5a3bc381-5220-4b01-b9b9-4043950d210f", "indicator--5a3bc382-2fd4-4d3e-a16c-4061950d210f", "observed-data--5a3bc384-4eb4-46f4-97df-4023950d210f", "network-traffic--5a3bc384-4eb4-46f4-97df-4023950d210f", "ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f", "indicator--5a3bc385-6590-4606-9803-4a12950d210f", "indicator--5a3bc386-7418-4367-b4ff-455d950d210f", "observed-data--5a3bc387-a4b4-4062-8b13-4d8d950d210f", "network-traffic--5a3bc387-a4b4-4062-8b13-4d8d950d210f", "ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f", "indicator--5a3bc388-c17c-4ba3-a574-4365950d210f", "indicator--5a3bc389-80a8-4af8-9ed5-4efd950d210f", "observed-data--5a3bc38a-76b8-4392-825d-48d0950d210f", "network-traffic--5a3bc38a-76b8-4392-825d-48d0950d210f", "ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f", "indicator--5a3bc38b-58c8-4bfd-a772-409f950d210f", "indicator--5a3bc38d-aed8-4dda-b3bf-4cc3950d210f", "observed-data--5a3bc38f-50cc-48d5-9ab1-487a950d210f", "network-traffic--5a3bc38f-50cc-48d5-9ab1-487a950d210f", "ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f", "indicator--5a3bc390-aa34-4c5f-bc2b-4c76950d210f", "indicator--5a3bc391-d2f8-4838-a1c0-4443950d210f", "observed-data--5a3bc393-e048-4eca-adfe-4674950d210f", "network-traffic--5a3bc393-e048-4eca-adfe-4674950d210f", "ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f", "indicator--5e0141dd-e62d-46be-8334-e694d79e1948", "x-misp-object--f43c4029-244c-4480-bd5a-f66813f29880", "indicator--43c2c13e-5c17-437d-b1e2-1d313df6a66c", "x-misp-object--07ce48ac-3329-4f1f-8035-67b5c734832f", "relationship--36419bb2-2b84-4fc4-b0eb-7a586355a723", "relationship--58ce5246-40a2-4e15-8022-b70258fe8b57" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc375-de0c-47ae-af32-45c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-21T14:21:41.000Z", "modified": "2017-12-21T14:21:41.000Z", "pattern": "[file:hashes.MD5 = '413a1ee232d056934a5b6fe29d689bed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-21T14:21:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc376-5f9c-4992-a153-4c05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-21T14:21:42.000Z", "modified": "2017-12-21T14:21:42.000Z", "pattern": "[file:hashes.MD5 = '40b0769ba2e5d575cdd325b81ffd8792']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-21T14:21:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc378-8954-4209-bea4-4011950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[url:value = 'http://www.g-v-s.ru/psndhFTwd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc379-ac38-4cbf-9304-45d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[domain-name:value = 'www.g-v-s.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a3bc37a-f64c-4eee-92ba-427e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "first_observed": "2017-12-22T08:59:45Z", "last_observed": "2017-12-22T08:59:45Z", "number_observed": 1, "object_refs": [ "network-traffic--5a3bc37a-f64c-4eee-92ba-427e950d210f", "ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a3bc37a-f64c-4eee-92ba-427e950d210f", "dst_ref": "ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f", "value": "31.31.196.244" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc37b-c260-420e-9178-4b9b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[url:value = 'http://www.homody.com/psndhFTwd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc37c-9f38-46de-a8de-4713950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[domain-name:value = 'www.homody.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a3bc37d-f7dc-4258-b593-41c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "first_observed": "2017-12-22T08:59:45Z", "last_observed": "2017-12-22T08:59:45Z", "number_observed": 1, "object_refs": [ "network-traffic--5a3bc37d-f7dc-4258-b593-41c2950d210f", "ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a3bc37d-f7dc-4258-b593-41c2950d210f", "dst_ref": "ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f", "value": "184.154.46.39" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc37e-54c0-4d7d-a89f-4089950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[url:value = 'http://www.mcwhorterdesign.com/psndhFTwd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc37f-ea88-4ab1-8811-4af1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[domain-name:value = 'www.mcwhorterdesign.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a3bc380-b65c-40e8-ad73-41c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "first_observed": "2017-12-22T08:59:45Z", "last_observed": "2017-12-22T08:59:45Z", "number_observed": 1, "object_refs": [ "network-traffic--5a3bc380-b65c-40e8-ad73-41c3950d210f", "ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a3bc380-b65c-40e8-ad73-41c3950d210f", "dst_ref": "ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f", "value": "184.168.38.1" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc381-5220-4b01-b9b9-4043950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[url:value = 'http://www.seffafkartvizitim.com/psndhFTwd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc382-2fd4-4d3e-a16c-4061950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[domain-name:value = 'www.seffafkartvizitim.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a3bc384-4eb4-46f4-97df-4023950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "first_observed": "2017-12-22T08:59:45Z", "last_observed": "2017-12-22T08:59:45Z", "number_observed": 1, "object_refs": [ "network-traffic--5a3bc384-4eb4-46f4-97df-4023950d210f", "ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a3bc384-4eb4-46f4-97df-4023950d210f", "dst_ref": "ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f", "value": "185.111.232.52" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc385-6590-4606-9803-4a12950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[url:value = 'http://www.topanswertips.info/psndhFTwd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc386-7418-4367-b4ff-455d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[domain-name:value = 'www.topanswertips.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a3bc387-a4b4-4062-8b13-4d8d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "first_observed": "2017-12-22T08:59:45Z", "last_observed": "2017-12-22T08:59:45Z", "number_observed": 1, "object_refs": [ "network-traffic--5a3bc387-a4b4-4062-8b13-4d8d950d210f", "ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a3bc387-a4b4-4062-8b13-4d8d950d210f", "dst_ref": "ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f", "value": "50.62.25.129" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc388-c17c-4ba3-a574-4365950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[url:value = 'http://www.tuminsaat.com/psndhFTwd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc389-80a8-4af8-9ed5-4efd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[domain-name:value = 'www.tuminsaat.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a3bc38a-76b8-4392-825d-48d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "first_observed": "2017-12-22T08:59:45Z", "last_observed": "2017-12-22T08:59:45Z", "number_observed": 1, "object_refs": [ "network-traffic--5a3bc38a-76b8-4392-825d-48d0950d210f", "ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a3bc38a-76b8-4392-825d-48d0950d210f", "dst_ref": "ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f", "value": "50.62.232.1" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc38b-58c8-4bfd-a772-409f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[url:value = 'https://topyzscsu5poprxy.onion.link/shfgealjh.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc38d-aed8-4dda-b3bf-4cc3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[domain-name:value = 'topyzscsu5poprxy.onion.link']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a3bc38f-50cc-48d5-9ab1-487a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "first_observed": "2017-12-22T08:59:45Z", "last_observed": "2017-12-22T08:59:45Z", "number_observed": 1, "object_refs": [ "network-traffic--5a3bc38f-50cc-48d5-9ab1-487a950d210f", "ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a3bc38f-50cc-48d5-9ab1-487a950d210f", "dst_ref": "ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f", "value": "103.198.0.2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc390-aa34-4c5f-bc2b-4c76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[url:value = 'http://psoeiras.net/js/count.php?nu=105&fb=110']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a3bc391-d2f8-4838-a1c0-4443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "pattern": "[domain-name:value = 'psoeiras.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a3bc393-e048-4eca-adfe-4674950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:45.000Z", "modified": "2017-12-22T08:59:45.000Z", "first_observed": "2017-12-22T08:59:45Z", "last_observed": "2017-12-22T08:59:45Z", "number_observed": 1, "object_refs": [ "network-traffic--5a3bc393-e048-4eca-adfe-4674950d210f", "ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a3bc393-e048-4eca-adfe-4674950d210f", "dst_ref": "ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f", "value": "74.220.219.67" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e0141dd-e62d-46be-8334-e694d79e1948", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:48.000Z", "modified": "2017-12-22T08:59:48.000Z", "pattern": "[file:hashes.MD5 = '40b0769ba2e5d575cdd325b81ffd8792' AND file:hashes.SHA1 = '88793e0e6329cbfa02a7f6ad2f80a4d6fa01ff0f' AND file:hashes.SHA256 = '410efb1938ab06cf29acbcd24a3eca81c5d6d0c84778997adad1b5f0ecfb455c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f43c4029-244c-4480-bd5a-f66813f29880", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:47.000Z", "modified": "2017-12-22T08:59:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/410efb1938ab06cf29acbcd24a3eca81c5d6d0c84778997adad1b5f0ecfb455c/analysis/1513929885/", "category": "External analysis", "uuid": "5a3cc983-2004-4ca7-a44a-c5ba02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/66", "category": "Other", "uuid": "5a3cc983-8b20-4d33-bd68-c5ba02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-22 08:04:45", "category": "Other", "uuid": "5a3cc983-7470-40db-98a9-c5ba02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--43c2c13e-5c17-437d-b1e2-1d313df6a66c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:50.000Z", "modified": "2017-12-22T08:59:50.000Z", "pattern": "[file:hashes.MD5 = '413a1ee232d056934a5b6fe29d689bed' AND file:hashes.SHA1 = 'f25c81b44fc15a67240430503753a913c27125dc' AND file:hashes.SHA256 = '66f13fb763cb982fc7fa685f84020ab95a5b1fe64d981ccda827749928704599']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-22T08:59:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--07ce48ac-3329-4f1f-8035-67b5c734832f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-22T08:59:47.000Z", "modified": "2017-12-22T08:59:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/66f13fb763cb982fc7fa685f84020ab95a5b1fe64d981ccda827749928704599/analysis/1513900202/", "category": "External analysis", "uuid": "5a3cc983-79a0-4e1a-870b-c5ba02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/67", "category": "Other", "uuid": "5a3cc983-7aa4-45e4-a33c-c5ba02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-21 23:50:02", "category": "Other", "uuid": "5a3cc983-5240-46b9-b7cb-c5ba02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--36419bb2-2b84-4fc4-b0eb-7a586355a723", "created": "2017-12-22T08:59:47.000Z", "modified": "2017-12-22T08:59:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5e0141dd-e62d-46be-8334-e694d79e1948", "target_ref": "x-misp-object--f43c4029-244c-4480-bd5a-f66813f29880" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--58ce5246-40a2-4e15-8022-b70258fe8b57", "created": "2017-12-22T08:59:48.000Z", "modified": "2017-12-22T08:59:48.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--43c2c13e-5c17-437d-b1e2-1d313df6a66c", "target_ref": "x-misp-object--07ce48ac-3329-4f1f-8035-67b5c734832f" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }